Analysis Overview
SHA256
6cd3815491a990c667c2b93ad30826bcd0a73d4b814de71f4f7807eae04644e7
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 91d31e9aa2fac95c0ed999d27f4912fa_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:42
Reported
2024-06-03 12:45
Platform
win7-20240508-en
Max time kernel
135s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0da0199b3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0B74A21-21A6-11EF-A5E3-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000007d5bc1d8fb93328f657bfdd21185bc6f37a4230e9eb5f75ee68754605e841285000000000e8000000002000020000000dba88816b8754ef113ee0c07e3d715a66549767ce6c6e598450f4e85ee8929c320000000e9c7a4c81c94c81fca51d4a00f61c931ceb5500ce9fd50e3da2be25d6308cf4a40000000cb1c36ebcf0083bcac4b295868f2005b8b4055b9a23b90f20abada2d3091655cae928c14282ef728bcf9b4333d65d01589c0324f338e3aaad18a719bb2797a8d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580422" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1644 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1644 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1644 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1644 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d31e9aa2fac95c0ed999d27f4912fa_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:42
Reported
2024-06-03 12:45
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
141s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d31e9aa2fac95c0ed999d27f4912fa_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4228,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4212,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5184,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5436,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5996,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5816,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
Network